Remote Code Execution Vulnerability in Intel McAfee ePolicy Orchestrator
CVE-2015-8765

8.3HIGH

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 8 January 2016

Summary

The vulnerability in Intel McAfee ePolicy Orchestrator allows attackers to exploit weaknesses in the handling of crafted serialized Java objects. This flaw is associated with the Apache Commons Collections library, potentially enabling attackers to execute arbitrary code remotely. Versions 4.6.9 and earlier, as well as specific updates in the 5.0.x, 5.1.x, and 5.3.x series, are impacted. Organizations using these affected versions should apply the necessary updates and mitigations to protect their systems.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/576313

third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 8, 2016